Who am I?

CEO and Principal Consultant of Secured IT Solutions - A
Cyber Security and IT support and service provider for public
and private sector organizations

- Some clients include the following: Switch; Long Beach, CA; Burbank, CA;
U.S. Dept. of Energy; NNSA; U.S. Dept. of Defense; Clark County Water
Reclamation District; Federal Communication Commission

Certified SANS Instructor 
Experience 

- 20 years in IT 

- 15 years in Cyber Security 

Masters of Science in Management Information Systems
Top industry certifications:

- GSLC, GSEC, CISSP, GCIH, GPEN, GISF

- QSA (lapse) 
What do we think when we hear this word?

Why does it have such a negative connotation?

Probably because this is engrained in us as kids

How many black dots do you count?

35? 15? 20?

Keep pointing at the road that looks different


By Kimbvrtey E?, Qrstwn and Janm R, Poirowntz 
Are these circles in a straight line?

Which black line is longer?

What’s the feeling we get from

Failure

• What does failure mean to us when it comes to cyber security?


- Incident? Breached? 

- Fined - compliance? 
Does it mean... being one of these firms?

Organizations with Massive Data Breaches

Yahoo (2016 / 2013)

- Initially thought 1 Billion

- 3 Billion - Oct 2017

Yahoo (2016 / 2014)

- 500 Million 

eBay (2014) 

- 145 Million 

Equifax (2017) 

- 143.5 Million 

Heartland Payment Systems 
(2009) 

- 130 Million 

Target (2013) 

- 110 Million 

TK-TJ Max (2007)

- 94 Million

JP Morgan Chase (2014)

- 83 Million

Anthem (2015)

- 80 Million

Sony PlayStation (2011)

- 77 Million 

Home Depot (2014) 

- 56 Million 

Ashley Madison (2015) 

- 32 Million 

Office of Personnel 
Management (2015) 

- 21.5 Million 
Source: USA Today and Business Insider

OR does it mean, being victim to

https://www.rt.com/news/china-blames-us-hacking-051/

Images from: IBTimes UK, Security Magazine, RT



































What does failure mean when it comes to compliance?

WRONG

FAIL OFTEN AND FAST

• Fail often and grow (learn fast - fail forward)

- Ok to fail Pen Tests

- Ok to fail audits

- Learn to be able to respond fast

• Improves the mean time to detect and respond







Forward Failures

[Diagram labels]

- Impact
- Deja vu, repeated cyber incidents
- Self-assessment and Audits
- True focused or sophisticated attacks
- Fast detected, contained, and responded incidents
Pass the audits and become like:

• Yahoo (SOX)

• eBay (SOX)

• Heartland Payment Systems (PCI)

• Target (PCI)

• TK-TJ Max (PCI)

• JP Morgan Chase (GLBA, PCI, SOX, etc.)

• Anthem (HIPAA)

• Sony PlayStation (PCI)

• Home Depot (PCI)
The concept of failing fast and often

Book Art and Fear by David Bayles and Ted Orland

Ceramic class split into 2 groups and provided 2 different grading criteria

- Group 1 was graded on quantity of pots they produce while Group 2 was graded on quality pot

- Group 1 ended up producing the best work in quality (technical and artistic sophistication)






• An example of a company succeeding by experiencing many failures in the last 10-15 years.

- became the first privately funded group to put a payload in Earth orbit, in 2008.

- launching unmanned cargo vehicles to the International Space Station (ISS) and

- has $4.2 billion in contracts from NASA alone and its recent success in cracking the defense contract business

• Late 2016 win contract (value of $112 million) from NASA and early 2017 to fly astronauts



Failures experienced

2006 The first SpaceX launch fails just 33 seconds after lift-off. Cause: a rusty nut.

2007 The engines shut down prematurely and the rocket fails to reach orbit. SpaceX is 0 for 2.

2008 SpaceX's first payload for NASA; payload ended up in the sea instead. This third failure almost killed the company. It was saved, just a day after the crash, by billionaire Peter Thiel, the company's first outside investor.





Failures experienced

- September 2013: Hard impact on ocean

- April 2014: 1st Soft Water Landing

- July 2014: 2nd Soft Water Landing but breaks apart after landing

- August 2014: Engine Sensor Failed - Rocket blew up in the air

- September 2014: Ran out of liquid oxygen

- January 2015: Ran out of hydraulic fuel

- April 2015: Stick throttle valve

Dec 2015: first successful landing

- Jan 2016: Landing leg collapsed

- March 2016: Landing burn failed

April 2016: first successful drone ship landing

- May 2016: Radar glitch and leg broke

- June 2016: Ran out of propellant

March 2017: first launch and landing of a reused first stage.
Failures

[Diagram labels]

- Deja vu, repeated cyber incidents
- Self-assessment and Audits
- True focused or sophisticated attacks
- Fast detected, contained, and responded incidents

Growth and Failures

- Growing, so fewer experiences of failing because of Deja vu
- Get here to effectively fight and defend by failing often
Learning from failures not easy

• Learning is not instantaneous or automatic

- People feel grief which obstructs our ability to learn from failure

• People need to have the feeling

• But you need to not allow the grief of the loss to affect the ability to learn from failures

• Make the most of failures

- Emotionally capable organization

• Don't desensitize failures
How to foster learning from failures?

• Use every opportunity

- Quantity over Quality

• Focus on the right and calculated failures

Tailoring the easy-to-implement failing forward suggestion from Fail Fast, Fail Often

- Identify the impacts

- Reverse thinking: look at ways you can fail

• Drives process improvement and maturity

• Drives Offensive Defense

- Do it anyways: Get out there and give it a try

• Ex. No repercussion for blocking sites for an hour

- Case study with watering hole
How to foster learning from failures? cont.

• Fail Forward: use exploratory action to learn and discover

- Threat Intelligence

• Find the next challenge: Seek out the next opportunity to reach your limits.
Sources

limes.com
Fortune.com
Verizon DBIR and DBD

Fail Fast, Fail Often: How Losing Can Help You Win. By: Ryan Babineaux, Ph.D and John Krumboltz, Ph.D

limeline.com

Forbes.com

“How Not to Land an Orbital Rocket Booster” YouTube compilation
Art and Fear by: Ted Orland and David Bayles
Questions???

My-Ngoc Nguyen

Email: myngoc n(gSec nSol.c om
Phone: (702) 608-0437
Web: SecuredITSolutions.com
Location: 6795 Edmond Street, Las Vegas, NV 89118





